Archive

Posts Tagged ‘vsphere’

Generating vCenter Solution User Certificates With Custom Names

September 28th, 2018 No comments

Many enterprises require replacing all vCenter certificates with Enterprise CA trusted certificates.

vSphere 6.5 has made the certificate updating process so much easier than the complication of the vSphere 5.x days.

Basic vCenter now has a single Machine SSL certificate as well as four Solution user certificates: machine (different from machine SSL), vpxd, vpxd-extension, vsphere-webclient.

Although the Solution user certificates are only used for internal vCenter communication, many enterprise security standards require using enterprise CA issues certificates for everything.

BTW, when you migrate from a Windows vCenter 5.5 to VCSA 6.5 using the excellent migration tool, only the Machine SSL certificate is taken across, the Solution user certificates remain self-signed and may need to be manually updated.

Each Solution user certificate needs to have a unique name.

Also remember, the SubjectAltName must contain DNS Name=machine_FQDN

I used the great guide from Ian Sanderson for updating the certs as a base https://www.snurf.co.uk/vmware/replace-ssl-certificates-on-vmware-psc-v6-5/

You can use the VMware supplied vSphere Certificate Manager in the VCSA (sidebar, you should really be using the VCSA rather than Windows by now!) to generate the solutions user certificate.

/usr/lib/vmware-vmca/bin/certificate-manager

When you select Option 5 and then Option 1 to generate the certificate private keys and certificate signing requests to send off to your Enterprise CA, the tool has a particular format for the signing requests.

Read more…

Categories: vCenter, VMware Tags: , , ,

UKVMUG: The unofficial lowdown on everything announced at VMworld

November 18th, 2014 No comments

vmug-logoI have had the pleasure today of presenting at the 4th annual UK VMware User Group conference at the National Motorcycle Museum in Solihull near Birmingham.

I did a whirlwind tour of everything that was announced at VMworld and believe me, there was a huge amount. OK, so no major release which is the norm (but plenty of teasers) but enough other things going on in the VMware space to fill more than a UKVMUG! I know, I’ve done the research! Even though I was at VMworld US, so much was going on that I didn’t appreciate all the new shiny things being announced and once you start getting down to the nitty gritty of everything, you will be amazed at how much is going on.

I really didn’t have time to go through everything in detail so the presentation acts as an independently curated jumping off point for you to find out more information about the announcements that matter to you. You may not care particularly about hyper-converged or OpenStack so you can flick through the slides and then head off to continue your explorations.

Thanks for having me UKVMUG!

Here’s the presentation: